#!/usr/bin/env python3
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
#dhcp 扫描，发现攻击者原理
#以下四个包
#1、进入的主机发送广播   	C DISCOVER Site2
#2、服务器回复OFFER    		R OFFER  IP
#3、我要这个IP				C REQUEST IP
#4、dhcp服务器确认			R ACK	  Site2
#dhcp客户端端口68，服务器端口67
conf.checkIPaddr = False
hw = get_if_raw_hwaddr('eth0')#网卡接口地址
dhcp_discover = Ether(dst='ff:ff:ff:ff:ff:ff')/IP(src='0.0.0.0',dst='255.255.255.255')/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(option=[("message-type","discover"),"end"])
result_raw = srp(dhcp_discover,multi=True,timeout=5,verbose=False,iface="eth0")
result_list = result_raw[0].res#清单方式
for x in range(len(result_list)):
	ehter_fields = result_list[x][1][0].fields
	ip_fields = result_list[x][1][1].fields
	dhcp_fields = result_list[x][1][3].fields
	serverno = str(x + 1)
	print("=" *20 +"Server" + serverno + "="*20)
	print("Server" + serverno + "  MAC地址为： " + ehter_fields["src"])
	print("Server" + serverno + "  IP地址为：  " + ip_fields["src"])
	print("Server" + serverno + "  操作码为：  " + str(dhcp_fields["op"]))
	print("Server" + serverno + "  ciaddr为：  " + dhcp_fields["giaddr"])
	print("Server" + serverno + "  yiaddr为:   " + dhcp_fields["yiaddr"])


